Tips for the Cybersecurity Hiring Market

By Mark Aiello

 In CSC’s sixth annual Global CIO survey, the authors really want the discussion to be about CIOs as disruptive innovators, blazing new trails using big data, cloud and mobility. And I’m sure that the 590 IT executives featured in the report would also like trail blazing to be their primary jobs. But what the discussion largely ends up being about, here and almost any time you get decision-makers together, is security. The words “security” and “risk” show up 75 times, compared with 86 for “innovation,” the main theme of the report. Among respondents, 69 percent cite big data and 62 percent name IoT as a critical or high priority. The No. 1 technology priority (again) is security, with 83 percent calling it a top focus.

Channel companies know this better than anyone. You’re on the spot, being asked to recommend security technologies that may or may not protect customer data. To be successful, you need people with the right skills.

Unfortunately, that expertise is scarce and expensive. You’re competing not only with enterprises and security vendors but the government. You’ve seen the headlines: The Pentagon plans to triple its cyber workforce! The FBI’s Cyber Division plans to hire 1,000 agents and 1,000 analysts! DHS is hiring 1000 cybersecurity professionals!

In fact, I’m seeing the Feds hiring at as rapid a pace as the commercial market. They have no choice — regardless of the “government doesn’t pay enough” chanting, the federal government will find a way to increase the size of its cyber workforce. In fact, I predict that in 2015 Federal and state governments will syphon off cybersecurity talent at a level that will further squeeze the commercial market.

I won’t lie — it’s a tough situation. Here are some ways for both employers and employees to cope until the supply of security experts catches up with demand, plus a few predictions.

Employers: Build, don’t buy. I expect to see a huge increase in the investments organizations make in educating a cyber workforce. If your rule is that you hire, not train, rethink your rules. There will be a massive shift towards identifying smart, talented technologists and training them to become cyber professionals. It has happened throughout history with other labor markets, it will happen with this one. The Infosec Institute offers dozens of general courses, but also check with your vendor partners, including Cisco, IBM, Dell and the security specialists.

My take is that people solve more cyber problems than technology. Adding more layers of security products may plump up your bottom line, but I see too much money being wasted on technology solutions while forsaking the human solution. Progressive organizations realize this and make the appropriate investments in cyber talent. I predict a much larger percentage of enterprise cybersecurity budgets will be going to people, and if channel partners can’t supply that talent they’ll be marginalized.

Employers: Streamline the interview. I work every day helping companies of all sorts find talent, and I see it over and over. Do you recognize this process? A telephone interview with HR to qualify “culture fit”; followed by a technical telephone interview; followed by half-day (or longer) in-person interviews with HR (again), superiors, peers, and subordinates; followed by another in-person interview with the Big Dog or Dogs; followed by a lengthy decision-making time frame. If you do this, you will lose. There is virtually full employment among cybersecurity pros. Even if someone really wants to work for you, how many fake doctor appointments can one person have? Not enough to go through that process. Organizations will be forced to streamline the hiring process or consistently be the bridesmaid. I predict a more condensed interview process consisting of one technical telephone screening and one round of in-person interviews lasting no more than an afternoon. 

Security pros: Don’t get cocky. First, certifications still matter. Sorry if I hurt the feelings of all the non-certified security professionals reading this, but a security certification (or multiple certs) will open more and better doors. I am not saying that an individual who possess security certifications will make a better employee, or have better skills, than one who does not. I am saying that most hiring managers believe both to be true. I predict a dramatic increase in the number of new cybersecurity certifications and an increase in the number of certified cybersecurity professionals.

Second, you still need a polished résumé. Social doesn’t cut it. For example, LinkedIn is one of the greatest tools of all time for my business, but it will not replace a résumé. Ever. Why not? LinkedIn reminds me of Kenny Chesney’s lyrics to “Out One Night”:

I was a doctor, a lawyer, a senator’s son
Brad Pitt’s brother and a man on the run
Anything I thought would get the job done

That sums up LinkedIn. Individuals have long and detailed lists of achievements, accomplishments and things they do for fun. In fact, LinkedIn measures the completion percentage of your profile, pushing you to add more, more, more, resulting in a profile that takes forever to read and is nearly impossible to decipher. Craft a résumé that’s concise and to the point, because they’re here to stay.

Mark Aiello is president of Cyber 360 Solutions, a cybersecurity professional services and staffing firm headquartered in Boston. Cyber 360 Solutions is a division of Staffing 360 Solutions, a publicly listed company in the global staffing sector engaged in the acquisition of domestic and international staffing organizations with operations in the United States, Europe, and India. Previously, Mark was founder and CEO of The Revolution Group and secureRevGroup.
Twitter: @markaiello360